Re: gnome-keyring Obtaining a TGT without unrestricted access to password.

From: Simo Sorce <simo redhat com>
To: David Woodhouse <dwmw2 infradead org>
Cc: Russ Allbery <rra stanford edu>, guido pch mit edu, Günther <agx sigxcpu org>, gnome-keyring-list gnome org, krbdev mit edu, Stef Walter <stefw collabora co uk>
Subject: Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
Date: Thu, 16 Jun 2011 11:10:19 -0400

On Thu, 2011-06-16 at 15:49 +0100, David Woodhouse wrote:
> AFAICT most Windows sites *don't* set a policy. They just use the
> standard Windows default of 10-hour/10-day tickets — because it
> doesn't
> really make any significant difference to Windows clients, does it?

They don't really need to because they can obtain a new ticket from
scratch every time you unlock the screensaver (to which you give your
password), which is what we do with sssd as well as the password goes
down the pipe through pam.

So the case where a 10h/10d policy is not enough is extremely rare.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

Follow-Ups:
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Luke Howard

References:
- gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Stef Walter
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]